An Approach to Server Log Analysis for Abnormal Behaviour Detection

Suman, Reeta

An Approach to Server Log Analysis for Abnormal Behaviour Detection

dc.contributor.advisor	Far, Behrouz
dc.contributor.author	Suman, Reeta
dc.contributor.committeemember	Far, Behrouz
dc.contributor.committeemember	Mohammed, Emad Amin
dc.contributor.committeemember	Mahmood, Moussavi
dc.date	2021-06
dc.date.accessioned	2021-03-23T22:31:29Z
dc.date.available	2021-03-23T22:31:29Z
dc.date.issued	2021-03-19
dc.description.abstract	As the server logs increase in size, it becomes difficult for human experts to manually examine error log messages, analyze the anomalies, and because of the high volume of log data. If the error message is rare or of low frequency, the system does not categorize it as important and get ignored that may leads to fatal errors. Server log analytics has proven to be optimum for active strategies and excellent performances of the system like the preventive maintenance or complete shut-down. Improvements in analytical strategies are necessary for data analysts in handling the large system. For this analytical process to yield good results, the input data need to be of good quality; therefore, research focuses on cleaning and pre-processing techniques. This research proposes the consecutive logical steps to enhance the analysis of log messages. First, we purpose extracting sequences and patterns from the logs by optimizing window sizes without losing valuable information and combining them with forecasting techniques for predictive analytics. Second, we improve topic modelling for low frequency messages through text analysis and language modelling. The resulting proof of concept is not just visualizing the log data; instead, it provides insight into the logs through topics from the error messages. The experiments illustrate the effectiveness of the proposed steps and the approach for error log analysis.	en_US
dc.identifier.citation	Suman, R. (2021). An Approach to Server Log Analysis for Abnormal Behaviour Detection (Master's thesis, University of Calgary, Calgary, Canada). Retrieved from https://prism.ucalgary.ca.	en_US
dc.identifier.doi	http://dx.doi.org/10.11575/PRISM/38686
dc.identifier.uri	http://hdl.handle.net/1880/113169
dc.language.iso	eng	en_US
dc.publisher.faculty	Schulich School of Engineering	en_US
dc.publisher.institution	University of Calgary	en
dc.rights	University of Calgary graduate students retain copyright ownership and moral rights for their thesis. You may use this material in any way that is permitted by the Copyright Act or through licensing that has been assigned to the document. For uses that are not allowable under copyright legislation or licensing, you are required to seek permission.	en_US
dc.subject	LDA - Latent Dirichlet Allocation	en_US
dc.subject	LSTM - Long Short-Term Memory	en_US
dc.subject	RMSE - Root Mean Square Error	en_US
dc.subject	ARIMA - Auto-Regressive Integrated Moving Average	en_US
dc.subject	EAI - Enterprise Application Integration	en_US
dc.subject	PCA - Principal Component Analysis	en_US
dc.subject	EMS - Enterprise Management System	en_US
dc.subject	TF-IDF - Term frequency-inverse document frequency	en_US
dc.subject.classification	Engineering	en_US
dc.title	An Approach to Server Log Analysis for Abnormal Behaviour Detection	en_US
dc.type	master thesis	en_US
thesis.degree.discipline	Engineering – Electrical & Computer	en_US
thesis.degree.grantor	University of Calgary	en_US
thesis.degree.name	Master of Science (MSc)	en_US
ucalgary.item.requestcopy	true	en_US